diff --git a/doc/ChangeLog b/doc/ChangeLog index 93f50cd0b..6556c694a 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,12 @@ 2011-04-07 vadim + * CompilerDriver_pix_run.cpp (pixNetworkZoneChecks): see SF bug + 3213019 "FWSM Network zone and IPv6". Currently we do not support + ipv6 with PIX/ASA and FWSM. If user creates a group to be used as + network zone object and places ipv6 address in it, this address + should be ignored while compiling the policy but this should not + be an error. + * FirewallInstaller.cpp (executeExternalInstallScript): see SF bug 3212988 "external script makes getopt difficult". User-defined parameters for the external script moved to the end of the command diff --git a/src/cisco_lib/CompilerDriver_pix_run.cpp b/src/cisco_lib/CompilerDriver_pix_run.cpp index d2ba375a2..7525afc08 100644 --- a/src/cisco_lib/CompilerDriver_pix_run.cpp +++ b/src/cisco_lib/CompilerDriver_pix_run.cpp @@ -743,6 +743,21 @@ void CompilerDriver_pix::pixNetworkZoneChecks(Firewall *fw, throw FatalErrorInSingleRuleCompileMode(); } +/* + Commented out for SF bug 3213019 + + currently we do not support ipv6 with PIX/ASA and FWSM. If user + creates a group to be used as network zone object and places ipv6 + address in it, this address should be ignored while compiling the + policy but this should not be an error. Compiler uses network zone + group to do various address matching operations when it tries to + determine an interface for a rule where user did not specify + one. Since we never (should) have ipv6 in policy and nat rules, + compiler is not going to have anything to compare to ipv6 address in + the network zone even if there is one and this ipv6 address is going + to be ignored. + + if (addr->getAddressPtr()->isV6()) { QString err("Network zone of interface '%1' uses object '%2' " 
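Review bot: Commenting out the IPv6 check in pixNetworkZoneChecks (the `/*` added here, closed by the `*/` in the next hunk, -752,7 +767,7) turns a fatal error into a silent skip, so a user who puts an IPv6 address in a network zone group gets no sign that it has no effect on the generated PIX/ASA/FWSM policy. For a firewall compiler that gap should be visible: keep the `isV6()` test but report a non-fatal warning naming the interface and object instead of throwing, and delete the dead block rather than leaving it commented out, with a short comment such as `// IPv6 in a network zone is ignored for PIX/ASA/FWSM (SF bug 3213019): warn, do not abort`. The object is still inserted into `netzone_objects` and passed to `nz->addRef(*j)` after the block, so every later consumer of the zone presumably has to tolerate an IPv6 entry, and the only guard visible in this commit is in `Helper::findInterfaceByNetzone`. The function body starts and ends outside these hunks.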
@@ -752,7 +767,7 @@ void CompilerDriver_pix::pixNetworkZoneChecks(Firewall *fw, .arg((*j)->getName().c_str()).toStdString()); throw FatalErrorInSingleRuleCompileMode(); } - +*/ netzone_objects.insert( pair(iface->getLabel(),*j)); nz->addRef(*j); diff --git a/src/cisco_lib/Helper.cpp b/src/cisco_lib/Helper.cpp index 543e85059..b51cfbda9 100644 --- a/src/cisco_lib/Helper.cpp +++ b/src/cisco_lib/Helper.cpp @@ -211,8 +211,8 @@ int Helper::findInterfaceByNetzone(Address *obj) * that object 'obj' belongs to. Returns interface ID * */ -int Helper::findInterfaceByNetzone( - const InetAddr *addr, const libfwbuilder::InetAddr *nm) throw(FWException) +int Helper::findInterfaceByNetzone(const InetAddr *addr, const InetAddr *nm) + throw(FWException) { #if DEBUG_NETZONE_OPS cerr << "Helper::findInterfaceByNetzone"; @@ -253,12 +253,14 @@ int Helper::findInterfaceByNetzone( for (list::iterator j=nz.begin(); j!=nz.end(); ++j) { - if (Address::cast(*j) == NULL) continue; + Address *netzone_addr = Address::cast(*j); + + if (netzone_addr == NULL) continue; #if DEBUG_NETZONE_OPS cerr << "Helper::findInterfaceByNetzone"; - cerr << " " << (*j)->getName() - << " " << Address::cast(*j)->getAddressPtr()->toString() + cerr << " " << netzone_addr->getName() + << " " << netzone_addr->getAddressPtr()->toString() << endl; #endif 
@@ -266,12 +268,17 @@ int Helper::findInterfaceByNetzone( // net_zone=="any" if (addr==NULL) { - if ((*j)->getId()==FWObjectDatabase::ANY_ADDRESS_ID) + if (netzone_addr->getId()==FWObjectDatabase::ANY_ADDRESS_ID) return iface->getId(); // id of the interface } else { - const InetAddr *nz_addr = Address::cast(*j)->getAddressPtr(); - const InetAddr *nz_netm = Address::cast(*j)->getNetmaskPtr(); + // see SF bug 3213019 + // skip ipv6 addresses in network zone group + if (netzone_addr->getAddressPtr()->addressFamily() != + addr->addressFamily()) continue; + + const InetAddr *nz_addr = netzone_addr->getAddressPtr(); + const InetAddr *nz_netm = netzone_addr->getNetmaskPtr(); if (nm != NULL && nz_netm != NULL) { InetAddrMask nz_subnet(*nz_addr, *nz_netm); @@ -298,7 +305,7 @@ int Helper::findInterfaceByNetzone( // to either. if (ovr.front() == other_subnet) { - zones[iface->getId()] = *j; + zones[iface->getId()] = netzone_addr; #if DEBUG_NETZONE_OPS cerr << "Helper::findInterfaceByNetzone"; cerr << " match" << endl; @@ -306,9 +313,9 @@ int Helper::findInterfaceByNetzone( } } else { - if (Address::cast(*j)->belongs(*addr)) + if (netzone_addr->belongs(*addr)) { - zones[iface->getId()] = *j; + zones[iface->getId()] = netzone_addr; #if DEBUG_NETZONE_OPS cerr << "Helper::findInterfaceByNetzone"; diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig index fc568dcac..0b5d0bd77 100755 --- a/test/pix/cluster1-1_pix1.fw.orig +++ b/test/pix/cluster1-1_pix1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:39 2011 PDT by vadim +! Generated Thu Apr 7 10:50:25 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig index dd4234c2f..4e3ce8b42 100755 --- a/test/pix/cluster1-1_pix2.fw.orig 
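Review bot: The new family check in the `else` branch dereferences `netzone_addr->getAddressPtr()` before anything tests it for null, while the netmask pointer is null-checked a few lines later (`nz_netm != NULL`), which suggests these accessors can return null for some address objects. Fetching the pointer once and guarding it avoids a compiler crash on such an object: `const InetAddr *nz_addr = netzone_addr->getAddressPtr();` followed by `if (nz_addr == NULL || nz_addr->addressFamily() != addr->addressFamily()) continue;`. The comment says "skip ipv6 addresses", but the test skips any family mismatch in either direction, so `// skip zone members whose address family differs from addr (SF bug 3213019)` would describe it accurately. The same unguarded `getAddressPtr()->toString()` appears in the DEBUG_NETZONE_OPS block of the previous hunk (-253,12 +253,14). The function body starts and ends outside this hunk.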
+++ b/test/pix/cluster1-1_pix2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:39 2011 PDT by vadim +! Generated Thu Apr 7 10:50:25 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig index 5b8491d09..ea9401a34 100755 --- a/test/pix/cluster1_pix1.fw.orig +++ b/test/pix/cluster1_pix1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:39 2011 PDT by vadim +! Generated Thu Apr 7 10:50:24 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig index f4c11c39f..b7cff454e 100755 --- a/test/pix/cluster1_pix2.fw.orig +++ b/test/pix/cluster1_pix2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:39 2011 PDT by vadim +! Generated Thu Apr 7 10:50:24 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig index 5cb229d16..d93c9b8e9 100755 --- a/test/pix/firewall.fw.orig +++ b/test/pix/firewall.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:26 2011 PDT by vadim +! Generated Thu Apr 7 10:50:12 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig index 4aa4d6244..d46636001 100755 --- a/test/pix/firewall1.fw.orig +++ b/test/pix/firewall1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:26 2011 PDT by vadim +! Generated Thu Apr 7 10:50:12 2011 PDT by vadim ! ! Compiled for pix 6.1 ! Outbound ACLs: not supported diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig index 02f06ab53..f74351268 100755 --- a/test/pix/firewall10.fw.orig +++ b/test/pix/firewall10.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:27 2011 PDT by vadim +! Generated Thu Apr 7 10:50:13 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig index aae7a2150..8bba37ca6 100755 --- a/test/pix/firewall11.fw.orig +++ b/test/pix/firewall11.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:27 2011 PDT by vadim +! Generated Thu Apr 7 10:50:13 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig index bdaad373c..6ac5454c7 100755 --- a/test/pix/firewall12.fw.orig +++ b/test/pix/firewall12.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:27 2011 PDT by vadim +! Generated Thu Apr 7 10:50:13 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig index d6a04c8f7..42fe7d33c 100755 --- a/test/pix/firewall13.fw.orig +++ b/test/pix/firewall13.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:28 2011 PDT by vadim +! Generated Thu Apr 7 10:50:14 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig index 90368d9d2..95c947355 100755 --- a/test/pix/firewall14.fw.orig +++ b/test/pix/firewall14.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:28 2011 PDT by vadim +! Generated Thu Apr 7 10:50:14 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig index 4bd04500c..3fdc9ac11 100755 --- a/test/pix/firewall2.fw.orig +++ b/test/pix/firewall2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:28 2011 PDT by vadim +! Generated Thu Apr 7 10:50:14 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig index 26c17c04d..98673ecee 100755 --- a/test/pix/firewall20.fw.orig +++ b/test/pix/firewall20.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:29 2011 PDT by vadim +! Generated Thu Apr 7 10:50:15 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig index cfba2f55d..943458b3b 100755 --- a/test/pix/firewall21-1.fw.orig +++ b/test/pix/firewall21-1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:29 2011 PDT by vadim +! Generated Thu Apr 7 10:50:15 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig index 21c1ec0df..7ff5ddf94 100755 --- a/test/pix/firewall21.fw.orig +++ b/test/pix/firewall21.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:29 2011 PDT by vadim +! Generated Thu Apr 7 10:50:15 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig index 47891bda8..6b02a45a4 100755 --- a/test/pix/firewall22.fw.orig +++ b/test/pix/firewall22.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:30 2011 PDT by vadim +! Generated Thu Apr 7 10:50:16 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall23.fw.orig b/test/pix/firewall23.fw.orig index e63f71fd8..1fa7e0ea5 100755 --- a/test/pix/firewall23.fw.orig +++ b/test/pix/firewall23.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:30 2011 PDT by vadim +! Generated Thu Apr 7 10:50:16 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig index ca819a5c3..a8db20af3 100755 --- a/test/pix/firewall3.fw.orig +++ b/test/pix/firewall3.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:30 2011 PDT by vadim +! Generated Thu Apr 7 10:50:16 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig index 830c9e517..dab8d27ad 100755 --- a/test/pix/firewall33.fw.orig +++ b/test/pix/firewall33.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:31 2011 PDT by vadim +! Generated Thu Apr 7 10:50:16 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig index 2bd34d2fe..e71850e99 100755 --- a/test/pix/firewall34.fw.orig +++ b/test/pix/firewall34.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:31 2011 PDT by vadim +! Generated Thu Apr 7 10:50:17 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig index 8cb931592..8a5df0a4c 100755 --- a/test/pix/firewall4.fw.orig +++ b/test/pix/firewall4.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:31 2011 PDT by vadim +! Generated Thu Apr 7 10:50:17 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig index 86b0af759..df791473d 100755 --- a/test/pix/firewall50.fw.orig +++ b/test/pix/firewall50.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:32 2011 PDT by vadim +! Generated Thu Apr 7 10:50:18 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig index c6adf9a43..69b853b99 100755 --- a/test/pix/firewall6.fw.orig +++ b/test/pix/firewall6.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:32 2011 PDT by vadim +! Generated Thu Apr 7 10:50:18 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig index e3b0ce371..fdcd31a56 100755 --- a/test/pix/firewall8.fw.orig +++ b/test/pix/firewall8.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:33 2011 PDT by vadim +! Generated Thu Apr 7 10:50:18 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig index 6b8234922..ea8d17220 100755 --- a/test/pix/firewall80.fw.orig +++ b/test/pix/firewall80.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:33 2011 PDT by vadim +! Generated Thu Apr 7 10:50:19 2011 PDT by vadim ! ! Compiled for pix 8.2 ! Outbound ACLs: supported diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig index 4eb7ae8df..ec8b26188 100755 --- a/test/pix/firewall81.fw.orig +++ b/test/pix/firewall81.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:33 2011 PDT by vadim +! Generated Thu Apr 7 10:50:19 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig index 9cddde278..4ae918e69 100755 --- a/test/pix/firewall82.fw.orig +++ b/test/pix/firewall82.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:34 2011 PDT by vadim +! Generated Thu Apr 7 10:50:20 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig index aeb9b6646..d071c69af 100755 --- a/test/pix/firewall83.fw.orig +++ b/test/pix/firewall83.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:34 2011 PDT by vadim +! Generated Thu Apr 7 10:50:20 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig index c971cc3c4..bda6a7559 100755 --- a/test/pix/firewall9.fw.orig +++ b/test/pix/firewall9.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:34 2011 PDT by vadim +! Generated Thu Apr 7 10:50:20 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig index 25ef53cd0..c9d318d27 100755 --- a/test/pix/firewall90.fw.orig +++ b/test/pix/firewall90.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:35 2011 PDT by vadim +! Generated Thu Apr 7 10:50:20 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig index 54061b6c9..6753d505f 100755 --- a/test/pix/firewall91.fw.orig +++ b/test/pix/firewall91.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:35 2011 PDT by vadim +! Generated Thu Apr 7 10:50:21 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig index e1ee7ba36..4d4316f1b 100755 --- a/test/pix/firewall92.fw.orig +++ b/test/pix/firewall92.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:35 2011 PDT by vadim +! Generated Thu Apr 7 10:50:21 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall93.fw.orig b/test/pix/firewall93.fw.orig index ffbcb7fc5..5f1726688 100755 --- a/test/pix/firewall93.fw.orig +++ b/test/pix/firewall93.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:36 2011 PDT by vadim +! Generated Thu Apr 7 10:50:21 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall94.fw.orig b/test/pix/firewall94.fw.orig index 974c5b72c..040ce9706 100755 --- a/test/pix/firewall94.fw.orig +++ b/test/pix/firewall94.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:36 2011 PDT by vadim +! Generated Thu Apr 7 10:50:22 2011 PDT by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig index 5fa7682c7..a3a374370 100755 --- a/test/pix/fwsm1.fw.orig +++ b/test/pix/fwsm1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:37 2011 PDT by vadim +! Generated Thu Apr 7 10:50:22 2011 PDT by vadim ! ! Compiled for fwsm 2.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig index f585bed3d..a4a1b8b5d 100755 --- a/test/pix/fwsm2.fw.orig +++ b/test/pix/fwsm2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:37 2011 PDT by vadim +! Generated Thu Apr 7 10:50:22 2011 PDT by vadim ! ! Compiled for fwsm 4.x ! Outbound ACLs: supported diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig index 4c68de4ab..dfb3b01af 100755 --- a/test/pix/pix515.fw.orig +++ b/test/pix/pix515.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:37 2011 PDT by vadim +! Generated Thu Apr 7 10:50:23 2011 PDT by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig index 0ee1b3842..9110434d7 100755 --- a/test/pix/real.fw.orig +++ b/test/pix/real.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3505 +! Firewall Builder fwb_pix v4.2.0.3519 ! -! Generated Mon Mar 21 12:46:38 2011 PDT by vadim +! Generated Thu Apr 7 10:50:23 2011 PDT by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/test_net_zone_2.fw.orig b/test/pix/test_net_zone_2.fw.orig new file mode 100755 index 000000000..a06543b2e --- /dev/null +++ b/test/pix/test_net_zone_2.fw.orig 
@@ -0,0 +1,90 @@ +! +! This is automatically generated file. DO NOT MODIFY ! +! +! Firewall Builder fwb_pix v4.2.0.3519 +! +! Generated Thu Apr 7 11:00:37 2011 PDT by vadim +! +! Compiled for pix 6.1 +! Outbound ACLs: not supported +! Emulate outbound ACLs: no +! Generating outbound ACLs: no +! Assume firewall is part of any: no +! +!# files: * test_net_zone_2.fw +! +! testing security levels and labels + +! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command. +! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command. + +! +! Prolog script: +! + +! +! End of prolog script: +! + + + + +nameif ethernet0 outside security0 + +nameif ethernet1 inside security100 + + +no logging buffered +no logging console +no logging timestamp +no logging on + + + +telnet timeout -1 + +clear ssh +aaa authentication ssh console LOCAL +ssh timeout -1 + +no snmp-server enable traps + + + + +no service resetinbound +no service resetoutside +no sysopt connection timewait +no sysopt security fragguard +no sysopt nodnsalias inbound +no sysopt nodnsalias outbound +no sysopt route dnat +floodguard disable + + +!################ +! +! Rule 0 (global) +access-list outside_acl_in deny ip any any +access-list inside_acl_in deny ip any any + + +access-group inside_acl_in in interface inside +access-group outside_acl_in in interface outside + +! +! Rule 0 (NAT) +! test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command. 
+ +global (outside) 1 interface +nat (outside) 1 192.168.1.0 255.255.255.0 0 0 +nat (outside) 1 192.168.1.11 255.255.255.255 0 0 + + + +! +! Epilog script: +! + +! End of epilog script: +!